CVE-2019-14826

Summary

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.

Affected Software

VendorProductVersion RangeStatus
Red HatipaFreeIPA versions 4.5.0 and lateraffected

Weaknesses

  • CWE-613: CWE-613

ADP Enrichment

CVE Program Container

Additional References

References